SSL option not available

SYSTEM INFORMATION

|Operating system|Ubuntu Linux 20.04.5|
|Webmin version|2.013|Usermin version|1.861|
|Virtualmin version|7.5|

I built 2 servers on the oracle free cloud and they share the same public subnet.
They both have the same versions of software and both are updated.
Server1 has the “Setup Apache SSL website” and it works fine
Server2 does not have the option in the create or edit.
I just ran certbot certonly and got a success message and its put the certificates in etc/letsencrypt/live… but the website is still not secure.
So why has this instance of virtualmin not included the SSL option
many thanks

see Virtual server on virtualmin keeps redirecting to wrong website - #11 by Gomez_Adams set this up & update your certs via virttualmin

Hello,

What is being set under features section in Edit Virtual Server page? Can you provide a screenshot?

In Virtualmin 7.5, by default when you create a new domain and check the “Setup Apache website” option an SSL website will also be enabled automatically. Our thinking is that there’s no reason not to always enabled SSL…

There should be no need to run certbot manually. Instead, after creation go to Server Configuration → SSL Certificate and request a Let’s Encrypt cert.

1 Like

would have been nice to know this fact … but you live & learn

It was in the changelog, but I can see it is not at all obvious what it means:

“Added support for enabling an SSL website automatically”

I got 2 installs of virtualmin 7.5 both installed on ARM - 2 core - 12gb VPS


I just made this website, it is the only one on the server
There was no option to enable SSL on creation which I understand has now been automated.
During the creation dialog it reported
Creating SSL certificate and private key …
… done
Adding new SSL virtual website …
… done
But the site does not have a certificate
I have a few sites on my other 7.5 vmin which does have the option
I have created an account plan to include SSL
and both checkboxs are ticked in the plugins SSL options
any thoughts?

What do you mean by the site doesn’t have an SSL certificate? It may have a self-signed cert which is the default if Virtualmin can’t request a valid cert at setup time from Let’s Encrypt…

And not surprisingly, the flatearth site is unsecured and the crabline site is. In fact, it says that the flatearth site doesn’t have a certificate. If it did have a self signed I would think it would have a no-good certificate error, not a no certificate at all error.

I’m on 7.5 as well and still have the enable Apache SSL website check box. I’ve never seen Virtualmin without it.

Yes, it is automatically always chained to be enabled by default.

Yes, what is the output of:

grep -Rs :443 /etc/apache2 -A 4 | grep -i virtualhost -A 4
root@beano:~# grep -Rs :443 /etc/apache2 -A 4 | grep -i virtualhost -A 4
/etc/apache2/sites-enabled/flat-earth.website.conf:<VirtualHost 10.0.0.151:443>
/etc/apache2/sites-enabled/flat-earth.website.conf- SuexecUserGroup "#1004" "#1004"
/etc/apache2/sites-enabled/flat-earth.website.conf- ServerName flat-earth.website
/etc/apache2/sites-enabled/flat-earth.website.conf- ServerAlias www.flat-earth.website
/etc/apache2/sites-enabled/flat-earth.website.conf- ServerAlias mail.flat-earth.website

Your site https://flat-earth.website works just fine. No worries.

That is good news, although I don’t know why it started working.
The DNS has been set for about a week.
Thank you for your assistance

I think it’d be better to have the “setup ssl website too” check option in there.
It enabled me to troubleshoot when ssl certificate breaks or expires causing nginx to stop functioning and reluctant to restart because of certs mismatching or any other ssl related problems.

It was easier to tackle on such problems before just by disabling the ssl option, get nginx up and running next then re-enabling the ssl option always have worked.

Sometimes expired letsencrypt certs give all sorts of problems especially when you need or decide to revert the location path of ssl certs files back to virtualmin folder from website’s home directory.

Maybe it’s just me but that little check box never really bothered me lol it’s sad to see it go.

Screenshot 2023-04-10 133129
I agree. Why doesn’t the LE request always start as renew “yes”? Why would anyone requesting a cert ever want it to not renew?

Actually, I’d be happier if the SSL certificate was not automatically generated when a site is created, and would like an option to specify this.

We run everything behind Haproxy which handles the SSL termination and communicates with the back-end sites without SSL. We can suppport more current options like HTTP/3 this way, so having SSL turned on at the back-end is a waste as it will never be used.

This is configurable in Virtualmin Configuration page, e.g.:

1 Like

Sorry, that’s only to configure a Let’s Encrypt certificate. I’m seeing a self signed certificate being generated, which is what was mentioned earlier in this thread.

I’d like an option to not generate any SSL certificate.

SSL certificate is required for HTTPS website. If u would like to run only HTTP website without encryption, than you can specify this during virtual server creation process or in tab “Edit Virtual Server”

Edit Virtual Server → Enabled features → disable option “Apache SSL website enabled”